Information security

Information security has become a business-critical issue. It is not something you can tackle in isolation, as there are obvious overlaps with cyber security and data protection.

A logical process for reviewing and addressing your information security requirements is to:

•
identify what information you hold, manage or are responsible for
•
assess the risks to that information
•
implement systems and controls to protect the information and mitigate risks so far as reasonably practicable
•
train your staff to include ongoing awareness campaigns
•
review your processes on a recurring basis, at least annually

Regulatory requirements

SRA

You must protect client money and assets.

You must also keep the affairs of clients confidential unless disclosure is required or permitted by law or the client consents.

Data protection

Integrity and confidentiality of personal data is a key principle of the Assimilated Regulation (EU) 2016/679, General Data Protection Regulation (UK GDPR). Personal data must be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. This is

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

TAKE A FREE TRIAL

Latest Practice Compliance News

LeO publishes updated guidance to promote prompt and fair resolution of complaints

The Legal Ombudsman (LeO) has published enhanced guidance on remedies to help legal service providers resolve complaints more promptly and fairly. In 2024/25, LeO awarded over £3.7m in remedies, with compensation for emotional effects being the most common remedy—appearing in over 85% of complaints where service failings were identified. The guidance offers practical support to providers aimed at addressing the issue that many complaints reaching LeO have not received suitable remedies at first tier. It outlines a fair and consistent process for evaluating and offering remedies, encourages legal service providers to determine appropriate remedy amounts, reassure clients of their fairness and clearly communicate the reasoning behind such decisions.

Commission and AI Board confirm GPAI Code of Practice meets AI Act compliance standards

The European Commission and the European AI Board have published a formal opinion, confirming that the General-Purpose AI (GPAI) Code of Practice, developed by independent experts, is an adequate voluntary tool for providers of GPAI models to demonstrate compliance with the EU AI Act.

OFSI issues penalty to company for Russia sanctions breach

The Office of Financial Sanctions Implementation (OFSI) has issued a £300,000 penalty on Markom Management Limited (MML) for breaching UK financial sanctions against Russia. The breach involved MML instructing a payment of £416,590.92 to a designated individual subject to an asset freeze under sanctions introduced following Russia’s 2014 annexation of Crimea. MML acted with knowledge of the recipient’s designation and failed to implement adequate compliance and control measures. This enforcement action underscores the necessity for all firms to assess their exposure to sanctions risks, maintain robust compliance systems and promptly report suspected breaches to the OFSI.

DBT and OTSI update guidance on trade sanctions breach assessments

The Department for Business and Trade (DBT) and the Office of Trade Sanctions Implementation (OTSI) have updated their guidance on assessing trade sanctions breaches. Section 5, ‘Referral to HMRC’, has been amended to clarify that HMRC has the authority to offer compound penalties in criminal enforcement cases.

View Practice Compliance by content type :

News